cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

iaik.security.ssl.SSLCertificateException: Peer certificate rejected by Cha

Former Member

on ‎04-13-2010 6:10 AM

0 Kudos

Hi All,

Following Error coming in IE and in AE (receiver SOAP adapter) in PI 7.1

Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

We have successfully installed Certificate in Trust Key store in J2EE.

The interesting part is this interface is running successfully couple of days and on other day message is getting errored out for above reason. Again next day interface running successfully. I am totally confused and i am not sure for what reason it is erroring and where to check.

IT is some thing like ON and OFF running. Interface Pattern Used _ABAP Proxy (ASYNC) - BPM - (SYNC) WebService_

Please advice

Thanks

VR

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

mjm_cornelissen
Discoverer
‎01-13-2011 1:07 PM
0 Kudos

Hi Vick,

It seems I have a similar problem, SOAP calls running OK for a while and failing seemingly random with the error "Peer certificate rejected by ChainVerifier". Did you ever find the cause of your problem and (even more interesting the solution?

thanks

Michel c

Show replies
Show replies
Former Member
‎01-13-2011 1:55 PM
0 Kudos

Hi Michel,

There are few reasons for such an error which I am listing below:

1. The server certificate is invalid/expired.

2. The server certificate has a server chain i.e. certificate A signed by B and B signed by root certificate C. For SAP PI its important to have the certificate chain in correct sequence which means A->B->C in that order. Most of the times this is the reason you get the error Server Certificate rejected by Chain Verifier.

3. SAP PI relies on IAIK libraries for SSL communication. Now there are some specific versions of IAIK which had problems, so you need to install the corrected patched version fo IAIK which SAP would be able to check and recommend.

As this problem happens intermittently, I think point 3 is something which you can find out else also check for Point 2.

Best Regards,

Pratik

Former Member
‎04-13-2010 6:29 AM
0 Kudos

I have noticed the message is using SOAP: request message entering the adapter with user J2EE_GUEST

Can the message enter with J2EE_GUEST User? for HTTPS - Receiver Adapter? or it has to use right user name?

Please Advice

Thanks

VR

Show replies
Show replies
Ask a Question